hxxps://storage[.]cbr[.]team/LawActs/file?pageid=RgHvLlX&pdf=a41c9

Analysis

max time kernel
336s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2023, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://storage.cbr.team/LawActs/file?pageid=RgHvLlX&pdf=a41c9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396655549342444"	chrome.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
228	chrome.exe
228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe
Token: SeShutdownPrivilege	2140	chrome.exe
Token: SeCreatePagefilePrivilege	2140	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
636	7zG.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 1088	2140	chrome.exe	27
PID 2140 wrote to memory of 1088	2140	chrome.exe	27
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 1400	2140	chrome.exe	89
PID 2140 wrote to memory of 3400	2140	chrome.exe	88
PID 2140 wrote to memory of 3400	2140	chrome.exe	88
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90
PID 2140 wrote to memory of 1016	2140	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://storage.cbr.team/LawActs/file?pageid=RgHvLlX&pdf=a41c9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3a599758,0x7ffe3a599768,0x7ffe3a599778
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2364 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4052 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5888 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2860 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4880 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1872 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6136 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=1904,i,11949680824762071899,11371675909617932646,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1880

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Скорректированный перечень требований ПАО__БАНК_УРАЛСИБ_\" -spe -an -ai#7zMap22656:174:7zEvent31604
1⤵
- Suspicious use of FindShellTrayWindow
PID:636

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:3308
- C:\Windows\system32\certutil.exe
  certutil -hashfile "Скорректированный перечень требований.lnk" -md5
  2⤵
  PID:1204
- C:\Windows\system32\certutil.exe
  certutil -hashfile "Скорректированный перечень требований.lnk" -md5
  2⤵
  PID:2700

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:828
- C:\Windows\system32\certutil.exe
  certutil -hashfile asd.lnk md5
  2⤵
  PID:4796

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
cd5618ea3296d7079641730f8864eff9

SHA1
ed63af4525baa6fa460c84aee11eadf261d4390a

SHA256
160492f648272cacc331131ae698028ab7fc898391085aac70dd108b67f3d208

SHA512
4aef192b94978ccd13f8d39a6aafafb8e886da2e34e26da62c27e26f922a784df8c9ee9d54dce80c24d393fb7fb208b1502242439ef99a2eb1a2568c096dc827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d45096857fa23cf4cac2f12e43950f36

SHA1
7b46f13c7892914c5c0d2f860b5f363105f34ee7

SHA256
279b1e9637fe8eef76cc7fc11cc872d53b8312eb8a1645bc036e2d10f3a75300

SHA512
a28f301d41ec51b1eadd78b3b1e44d5bf4ab04d540dec9c3cd8423ee941f50878a5f64838a9d0f67f7c9516417432c950afc82191b061a4591c7de8874ac0feb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c1e522784ebc94848899e597df544674

SHA1
6eb05c50455b6683a7c30bb30dc2da6983347e84

SHA256
f8ff8fb6c9047ad4b3a9790320cd2d86b98d7b2cde0ba4452d7844b3b5ad1a6b

SHA512
38da6f6163d05b6b3015b39ef874a370159ac2f58a0d8bbda9ccfea1bf67397773ccbfc25be5cf7b5bfcf44d022fd5e59b0e6e5c7f15411052edc6f0730ec086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
66885bc7ca7bc806f71f28c28339c877

SHA1
b4a620745415df2d44695e43d5e73690791f81b0

SHA256
08b41b868a3209d351b2c779ba5bed1a66f601bb4cca8f23a1af9846e1be5314

SHA512
44ca39c533a6b841c95acac98ae9c5a4ba517e338678a9eeb50347d9b62e78b497fa55362b9b3c22c42606c44c8b9286743ad3d0ee218c0c6cbabda1f36eef89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
171cb0ee549a966b2fb982dc655a2835

SHA1
280d466a0c5077f86908e348c1a32fe8815d968b

SHA256
d27f1e66b475f24df906b3047e516e14bd1d2df3e1aed48d703417906d49616c

SHA512
c7dff9b9672601e16690cd5c4a63a66d39186c02fa6d0ec361d18866da92ffa5c572be25d354eb419624a89af1d051fe06b4b514972fded6f385b9b31653d08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0be662edd6ced17b935e6280102663dd

SHA1
168220ac0fcacbe9b86d27d3b01bec57b3526533

SHA256
65ebafa62e64f57589b2b24a8a3a92957c1658a76d9ebbabcc976927f08330be

SHA512
742031524cb483e87c7b23507f99805a2c0e3317d6a1e0c56f7e3e075bc194a2875fe762455ec16bb16910cccb8b9d3828a3836b0acaaed2786ee31e87a13534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c26f7d38b43bdffd46ba3216279ec98

SHA1
77d3c959429cfeb974cbb3b55f35f2720b92e703

SHA256
8edf32a569db508bdb9293c2d715625db2cf3c4e148b0042e38aca072ce1d3ae

SHA512
b314ffc26b1b253c3f16aaba497668f8bb972bfa79ff34eb84fd7251b1ebec2540fcf3235a9cffb96bfdcadf5e0988a89d497fc64cdc9fbe20ab676cac786086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
7a2a730964120bc2331a561c4ac0fadc

SHA1
8ccdee3269af2958eb30239dc72a481b2d0ba489

SHA256
b385143eaf8670db70c4800351f19e7ce1813bfc79f70c22b87b85a6551cf381

SHA512
d6051792c3f9c48c0ea0ab33f8c3ce60274da8f530373cfc2409dcb5b04a609cf58d14f796b7d9c059e18bf486c5fc77f94fd8b4cf165d73f2ecb05d0967ac39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
3c561fbaf447ad2a598b8e5adce71f24

SHA1
13564fc486b80e49591f1bebec2484d034ef1b1c

SHA256
e30f2402ac16df43c97b35a04864f262064145b9dc917354ecd11233bd917608

SHA512
819451bd9c1b8f722c761acf59afa22c4b73d301ded193d623b75768d57dde98f8cc0682b56de13533c7e1f27cc30399b0d35de700324fa851d6470a04de953e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
84f61aecbe80e215ccdebfa0d4789fa1

SHA1
2331d44381eedc01c7870232bd9e460bc56f2327

SHA256
5c2d6f352862c8e49b92bf222fbbb61035862d5ae910a7c8ff04cbcbcfdbfab0

SHA512
83dbc8b3e4290ccf8cba076e07343afe3133ced8e0d28146287f7a195740dd2517e0997b5497dd967e8943c5511a855ba104cf71888b7ed273425d2270806493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe596f2b.TMP

Filesize
110KB

MD5
1c6a390a7e7343d4836c6b718d588546

SHA1
7e43fffd8ff03cb9c4454e634143f4dbbdae715c

SHA256
66db4bd0ea9888b5d17644b71b46010bf60347c6f618e52c3ad11e8e4444ae98

SHA512
5a84e7849cf170ef6b173907a96c6ca4a83c44a531b8d7d5830be529ee7cf1aaa631f86e0cb2e97fce322118dad69c83c293dc86887d404c983defa2c3c2b7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Скорректированный перечень требований ПАО__БАНК_УРАЛСИБ_.zip

Filesize
4KB

MD5
009ec0752e0486efe7f743aa3beadb57

SHA1
ae48e483c950508f452a9cc47ae60abf14afefd9

SHA256
f399f62ba2511ccd4ffabf15fa555dddf9fd2c5240ba76f1baf10ba99855a31a

SHA512
e0d19a00a3a39da659371b5879b878e2a37cbb2c4ceec97a53474e5a675b39d64f3059e11d49077578eb1028de496ae3d4af46d7fbf10c6823ce00d5efc05f0a

Download Submit
C:\Users\Admin\Downloads\Скорректированный перечень требований ПАО__БАНК_УРАЛСИБ_\Скорректированный перечень требований.lnk

Filesize
1KB

MD5
5e8e40ae2f73fd285faed2376711bfab

SHA1
7ef34a8eedfe82ade20383c1348418ccba1d3e1c

SHA256
02aee17e2e2e50292a407bb33009eadc37c3e616225487266676467b79f7325f

SHA512
dab0e9f289943917966d3a89391435f552e7e660c30c0f529ee937b25b41321184e2368ce4d356ba6274ca51bcb8e38fee9922e370bc7b7c12624ff541c7dd40

Download Submit